Pages:
Author

Topic: 3 Bitcoin Doomsday Scenarios I can't find much discussion on... - page 4. (Read 6212 times)

newbie
Activity: 47
Merit: 0
Moore's law is already cracking, from the perspective that IPC increases out of AMD and INTEL have been strictly nominal for the past few years. So from that narrative, which I think also holds strong (looking at the supercomputer list when you normalize some combination of flops/kw or cores/kw) in the proprietary chip market also (e.g. IBM).

So what's going to likely happen moving forward is that sha256 gets slowly eroded, which is basically what has happened to every other industry standard cryptographic algorithm.

In the ASIC chip industry, people are already down to 28 and 20nm. Soon enough  (e/g 1 year) when everyone in the industry has reached down to 20nm you'll see a plateau in computing power between chips. The competitive advantage will dissipate between manufacturers as everyone optimizes their chips at 20nm.

So the point is that there is basically no likelihood of a zeroday event where someoen ramps up enough computing power to brute force out sha256 tomorrow.

Again, isn't this just addressing the "front-door" approach, that everyone seems to stare themselves blind at?

Let's try this differently, how centralized are these pools?

Discus Fish    
GHash.IO    
KnCMiner    
AntPool    
(https://blockchain.info/pools)

What will it take to take them out, and if done, how long will they be down for?

Another scenario - how elaborate a hack will it take to link them together to do a 51% attack to empty some big wallets?

How many layers of security would you need to get through? How many stolen ssh keys will it take?
newbie
Activity: 47
Merit: 0
It is good that you are curious but your many questions aren't exactly new or haven't been addressed by security experts already.
In order to answer all your questions we would need to essentially discuss all the security best practices in Bitcoin and the open source movement in general which would involve far more time than a simple thread.
If that is true - where? I wrote my post because I went looking, and didn't find what you say exists.

I am well versed in computer security - and googling for the listed questions do not yield any quality leads. Perhaps my main question is this: Do you know if anybody has taken the time to compile a comprehensive wiki on the subject, and perhaps specifically, as it pertains to Bitcoin?

The closest I've been able to find is pages like https://en.bitcoin.it/wiki/Myths - and there are no real, hard numbers there. The words "Best practice" and Bitcoin do not seem to appear in close proximity, anywhere on the internet, and I see this as a barrier to Bitcoin's progress. 

How do they say... "Common sense is not so common".
full member
Activity: 179
Merit: 100
Moore's law is already cracking, from the perspective that IPC increases out of AMD and INTEL have been strictly nominal for the past few years. So from that narrative, which I think also holds strong (looking at the supercomputer list when you normalize some combination of flops/kw or cores/kw) in the proprietary chip market also (e.g. IBM).

So what's going to likely happen moving forward is that sha256 gets slowly eroded, which is basically what has happened to every other industry standard cryptographic algorithm.

In the ASIC chip industry, people are already down to 28 and 20nm. Soon enough  (e/g 1 year) when everyone in the industry has reached down to 20nm you'll see a plateau in computing power between chips. The competitive advantage will dissipate between manufacturers as everyone optimizes their chips at 20nm.

So the point is that there is basically no likelihood of a zeroday event where someoen ramps up enough computing power to brute force out sha256 tomorrow.
hero member
Activity: 658
Merit: 501
It is good that you are curious but your many questions aren't exactly new or haven't been addressed by security experts already.
In order to answer all your questions we would need to essentially discuss all the security best practices in Bitcoin and the open source movement in general which would involve far more time than a simple thread.

Bitcoin is as secure or insecure as you choose to make it. A mutisig paper wallet with the keys stored in different locations and different forms is essentially impossible to steal, unless you torture the owner into recovering the keys and than in that case you can use a dead mans switch or ntimelock to even protect against this vector of an attack.

I would suggest you start researching into computer security by first reading the available information.

As far as getting hard numbers on how many "man hours" has been invested in Bitcoin this is impossible to obtain as Bitcoin is a global open source project in which anyone can participate and many are anonymous with their contributions.
newbie
Activity: 47
Merit: 0
In a nutshell... I'm looking for hard numbers. It's easy to speculate, but unless you have hard numbers, you don't know much.

1) Yet - on Github - there are only 12 contributors with more than 50 commits. Does anyone actually know all these people, in person? How socially connected are the contributors? If someone were to take them out and replace them, one by one, or somehow engineer for them all to go on holiday, away from internet access, for a week or two, at the same time, after compromising their accounts, who would notice? :-D

How closely guarded is the Github infrastructure? How many people would you need to get by, to gain access to the server and modify the code without anyone picking it up right away?

But what I really meant is... what is the potential impact of code changes - how quickly does it propagate through the network? I'm sure someone can - and has already - written a piece of code that graphs the percentages of versions of bitcoin clients, and the lead time... but where is it?

Isn't this an important security metric that should be gathered?

And again... how many of the big pools and guys personally vet the code, line by line?

I'm looking for hard numbers... and I'm pretty sure that people seriously looking to mess with Bitcoin, and capable of doing so, has this.

(And considering the value that it contains, and the growth path, there certainly is more than enough incentive, as the potential payoff is huge!)

2) Again, looking for hard numbers. How much money and man hours has gone into the Bitcoin social- and physical infrastructure? In total. Spread over how much time? How much money would it take to launch something bigger, and more successful.

How big a of a global misinformation campaign will it take to remove public confidence in Bitcoin, and focus it on something else? How big are the syndicates operating in the space? How many are there? How many of the big exploits and hacks were likely carried out by governments? Who has made a list of institutions who may both be capable, and incentivised to do this?

3) Haha, I don't think anything can guard against this, except luck. This is, to me, the biggest threat - perhaps only cancelled out by the fact that we'd either have no more problems, or much bigger problems. Intelligent machines could upgrade the security for you, to something not recognizable by humans, in nanoseconds. Something that could take hundreds of human years to figure out or calculate could potentially be calculated or figured out and applied by intelligent machines in microseconds.

4) Many countries require critical infrastructure to maintain their own backup power systems, capable of running for months... but yes, there would be bigger problems. Still, what if you only had to take out 3 or 4 major powerlines, or grid transformers, to remove 90% of the hashing power from the network? Or even easier, just take an axe and a shovel and hack away at 5 or 10 fiber conduits, so your petahash grid can leap ahead... How long will it take for those to be repaired? Most lucrative potential return on investment.

Again, it's easy to speculate, but hard numbers are better.

I maintain that our civilization really is very civilized and advanced, seeing as that stupid, nasty things like this are quite rare. Perhaps we are, in some sense, all keenly aware of how insignificant even the biggest thing that we can accomplish, on this speck of dust, in infinite space, is.

5) I'm not talking about attacks on the protocol, I'm talking about physical access to the hardware and wallets. Good thieves rarely enter through the front door. And again... hard numbers: How many years of security experience protects said pool? How many layers of security? Do they have a worst case compromise recovery plan, and what is the impact? How many layers of security?

Has anyone penned down a good and comprehensive security protocol? And how many of the items on the protocol do they comply with / adhere to?
legendary
Activity: 4424
Merit: 4794
While I've seen 51% and Bad-actor/rational-actor type scenarios being discussed ad nauseam, and in-depth, my searches for any sort of unpacking of the following scenarios have been fruitless:

1) "Stealth" code changes, that could get slipped in via an update, to modify network operation in some unforeseen, but yet-to-conceive exploitable way.

there are atleast 100 coders checking the code and then many people in the community that double check it too. so chances of spotting stealth code are easy
2) Someone like the World Bank establishing their own, incompatible network.
thre are 500 altcoins already, who says one of them is not a world bank invention.. and more importantly who cares? bitcoin is bitcoin and does not need to be compatible with other altcoins or fiat. people that want to exchange one for another will find a way even if the blockchains do not talk to each other.
3) Computer intelligence optimizing ("cracking") the protocol
if there was a chance that 256bit encryption was at risk, then within 24 hours private/public keypairs could be updated to 1024bit. and funds would be moved across.
never underestimate how fast an update can outpace hackers/crackers exploits.. look how fast the heartbleed was figured out and the world updated its security.. how much data or value was lost... not much...
4) Isn't it perhaps most relevant how each GH is powered, and how easily that power can be removed by tactical means
if a national blackout occured bitcoin would be the least of your worries. within 12 hours all frozen food would start to thaw out and become unusable. people wont be able to get cash out of ATMS, shops would not be able to accept credit cards or bitcoins. meaning no commerce would happen. atleast bitcoin does not have to rely on american companies (visa/mastercard) so that non americans can still use bitcoin as electronic payment whilst most banks are closed due to no access to bank details.

5) Add to that security. Who holds this metric: How secure is each GH?
restored to a previous point.. ?? im not even going to comment on the stupidity of having restore points as thats the fungability argument. bitcoin will continue on as it should, as you say it would require a hell of alot of things in combination to cause the bitcoin ledger to be re-written and governments would not waste resources or risk fiat catastrophe based on bitcoin. after all there are over 100 FIAT currencies.. do you see america trying EMP explosions in russia and china to stop the BRICS development.
as for your comments on how secure is GH.. well better than KH better than MH, but not as good as TH and definetly not as good as PH.. so dont worry about the small stuff we are over 25% nearer to EH than dropping all of the way back to GH
[/quote]
hero member
Activity: 658
Merit: 501
1) "Stealth" code changes, that could get slipped in via an update, to modify network operation in some unforeseen, but yet-to-conceive exploitable way.

There are more than one Bitcoin Implementations or stacks which work with the Bitcoin Blockchain. Any bugs, backdoors, or problems with one and we can just use the other implementation like libbitcoin. https://wiki.unsystem.net/en/index.php/Main_Page

2) Someone like the World Bank establishing their own, incompatible network.
...coupled with an international media- and marketing campaign, backed by much more finance than the Bitcoin network, perhaps even offering lucrative-by-comparison shares in their new venture, to current Bitcoin players.

Countries have already and are already doing exactly this. Canada, Ecuador are two examples. You shouldn't be concerned about this because :

1) Their digital currencies will likely have security flaws - counterpartry risk from regulators or banks and/or inflation that allows them to steal from the public, and/or doesn't respect users privacy.
2) In the odd event they do create a cryptocurrency that both respects the privacy and property of users than great, we all win anyways, but Bitcoins first mover advantage will probably keep it ahead.


3) Computer intelligence optimizing ("cracking") the protocol

This is unlikely to happen but if this "black swan" event ever did occur than Bitcoin would be the least of anyone's problems as all fiat currency, corporate secrets, and state secrets will be open for everyone. If this ever did happen we could simply take a snapshot of the blockchain and switch algorithms.

4) Isn't it perhaps most relevant how each GH is powered, and how easily that power can be removed by tactical means
5) Add to that security. Who holds this metric: How secure is each GH?

A 51% attack only means that the attacker can do the following :
1) Temporarily prevent a transaction from occurring
2) Create 2-3 false transactions
This attack would quickly get noticed,prevented,  and possibly rolled back by the community.
member
Activity: 139
Merit: 10
newbie
Activity: 47
Merit: 0
Update: A lot of people are completely misunderstanding this thread, and we're on page 3 already. So here's the premise: Will a global currency system have any practical use in a global post apocalyptic scenario? Eg. global economic collapse, global police state, global nuclear winter, world wide killer virus outbreak, giant asteroid impact, sentient computers, etc...?

Perhaps not. But if it would, then the question is simple: What can we do now, to ensure that this currency will be Bitcoin, and to maximize its utility both today and at such a point in the future?

These are questions that I believe will lead to answers in aid of the above.


While I've seen 51% and Bad-actor/rational-actor type scenarios being discussed ad nauseam, and in-depth, and we know the encryption and protocol is very resilient, my searches for any sort of unpacking of the following scenarios have been fruitless:

1) "Stealth" code changes, that could get slipped in via an update, to modify network operation in some unforeseen, but yet-to-conceive exploitable way.
How huge a social-engineering effort would this take?
Do the huge-pool-guys vet every line of code themselves?
Does anyone log- and track stats on how quickly updates propagate throughout the network?
(This one looks pretty cool, but seems to have crashed: http://bitcoinstatus.rowit.co.uk/)

2) Someone big player, say the World Bank, establishing and promoting their own, incompatible network.
...coupled with an international media- and marketing campaign, backed by much more finance than the Bitcoin network, perhaps even offering lucrative-by-comparison shares in their new venture, to current Bitcoin players.
Once the mainstream is persuaded by the resilience and power of crypto-currency technology, it seems natural that they would adopt it... on their terms... doesn't it? What would the first ripples of this look like? Which banks are the key stakeholders? Is Bitcoin leading the pack to bank-adoption?

What is the man-hour- and dollar cost of launching something on par with what Bitcoin currently has?

3) Computer intelligence optimizing ("modifying") the protocol
...potentially silently taking control of the network (without anyone noticing) only to wield its power at some opportune watershed moment. Yes, I know, Sci-fi...The moment we have all been waiting for... with it's plausibility-spectrum all the way from "impossible" and "maybe in 100 years", to "an AI (or CI as I like to call it) will be algorithmically cheap enough to run on a smartphone", all the way to, "the *insert multinational organization* is already run by an AI." (eg. http://dilbert.com/blog/entry/how_the_robots_will_take_over/)

Sure, on the surface, the latter two scenarios are very hypothetical and unlikely... yet, if Bitcoin *is* the biggest hedge against global economic stability, doesn't that in fact highlight their relevance?...

But here are the stats that are within arms length, and I'd like to see... (shouldn't be hard to compile, even collect as part of the protocol...)

4) Isn't it relevant how each GH is powered and how easily that power can be removed by tactical means?
...to diminish the network hashrate as part of a global co-ordinated multi-faceted strike, the hashrates taken out only to come back up to a network beyond its recognition? Eg. How stable is the US national grid? Compared to those of other countries? What proportions of what countries' power grids run the internet - and Bitcoin? What is the minimum number of power stations that needs to get taken out? What is the minimum fire power required and the cost thereof? Or actually, how many steel poles (of neglible cost) of what length would be needed to short out said power supplies?

5) Add to that security. How many layers of security and obscurity in the hardware+software that powers each GH/TH/PH/xH?
ie. How many layers of security? How agile is its management? How rapidly can the system be secured and restored to a previous point in time?

What I'm concerned with, in particular, is concerted efforts to gather metrics on factors relevant to the above, in a public forum.


Any links welcome... particularly to a Wiki or new https://blockchain.info/pools or https://blockchain.info/charts pages monitoring metrics relevant to any- or all of the above. I'm fairly certain the bigger players of the world keep tabs on the above, but shouldn't it be out in the open? How better to guard against it than having it in the public domain?

10 BTC in 1EfnAXe2dyuKiVXfGyoSBMSKqvzzQcfr3L will see me dedicate one month to compiling the best sources of the above information, as professionally as I can, and compile what I can on a live dashboard, and post the link here.
Pages:
Jump to: